问题
How do I configure (ideally) Apache (or alternatively) PHP to respond specifically with an HTTP 405 when the request method is not GET or POST?
My Apache .htaccess attempt does block requests except it returns the incorrect HTTP 403 response:
<LimitExcept GET POST>
Order Allow,Deny
Deny from all
</LimitExcept>
In PHP I've used the following at the absolute start of where requests are handled and it just gets completely ignored:
if (!in_array($_SERVER['REQUEST_METHOD'],array('GET','POST')))
{
header('Access-Control-Allow-Methods: GET, POST');
header('HTTP/1.1 405');
die();
}
回答1:
You can use below redirect rule to disable method and return 405 error code.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(POST|GET)$
RewriteRule .* - [R=405]
来源:https://stackoverflow.com/questions/62652001/blocked-http-methods-are-not-returning-http-405-response